Identity: Our Last Stand

By that I mean every corporate cathedral you can shake a mouse at is full
of Linux, yet Linux has not yet enabled a free and open marketplace for
every business and every customer. Instead, every human being on the
commercial net remains trapped in corporate cathedrals, many of which are
ravenous for the blood of personal data, most of which is acquired by
surveillance. In fact, nearly our entire existence in the commercial world
is inside cathedrals where we have near-zero autonomy and great exposure to
whatever those running the cathedrals wish to know about us.

The wide-open bazaar—the open public marketplace—where we can
roam free, as anonymous or selectively know-able as we please, still
doesn't exist online. And it should, because the internet protocol was
built to support it. Just because it isn't there yet doesn't mean we
shouldn't build it. Hell, commercial activity has existed on the
internet only for 21 years so far. (Starting on April 30, 1995—that's when the
NSFnet, the last of the internet backbones that forbade commercial traffic,
stood down.)

I know this isn't what Eric S.
Raymond was talking about in The Cathedral
and the Bazaar (his landmark book about software development, published
back at the turn of the millennium). Eric was talking about development
styles, contrasting closed "cathedral" environments with open
"bazaar"
ones. Linux was, and remains, the greatest exemplar of bazaar-style
development at work: a fact owed in no small measure to Eric's evangelism
of Linux and open source, much of it on
these very pages.

I'm borrowing Eric's metaphors here for two reasons. One is that I hope it
motivates some readers to admit that Linux has been used at least as much
to build corporate (and government) cathedrals as to liberate the geeks who
continue to write open-source code that makes building anything possible.
The other is that we need another coterie of alpha geeks working today on
creating an open marketplace, setting everyone free from the countless
closed ones that have become the norm and have made the surveillance
economy possible.

"Give me a place to stand and I can move the world", Archimedes said. Each
of us has that place with the internet. What we lack is a fulcrum.

That fulcrum isn't a machine. It's identity. We need to have root for our
own identities online. We have it in the offline world, but not yet online.
Getting that root is our challenge. With root for our own identities, we
will be able to go about our business anonymously by default, and identify
ourselves selectively on a need-to-know basis. That includes being able to
call ourselves whatever we please when dealing with other entities in the
world, and then engaging administrative systems—such as those in the
world's many cathedrals—in full control over what we share, what we
don't and how we leverage the same data, and attached permissions, across
all those systems.

Let's look at the physical world for a moment. By default, we are anonymous
to others there—literally, nameless. For example, when we walk down a city
street, we do not want or need everybody we pass or encounter to know who
we are, or anything about us, other than the fact that we are human and
participating in society. When we meet somebody, we may introduce ourselves
by our first names or nicknames. Or, we may give somebody a business card.
Asked for our name at the counter of a coffee shop, we can tell them
anything. I've met more than one guy named Mike who uses a different
name—Clive or something—because the name Mike is so common. At a
conference, we may wear a name badge, but even in those cases, some people
still just use their first names or turn their badges around.

What happens in all these cases is data sharing
on a need-to-know basis
that we control. Being able to do so is a grace of civilization. Not being
able to do so is a curse of celebrity, and a useful case in point. Being
known by all is a Faustian
bargain.
And we are all Fausts online today,
whether we like it or not.

Faust was the scholar in German legend who sold his soul to the devil for
unlimited knowledge and worldly pleasure. The difference with us is that we
don't sell personal data about ourselves. We don't even give it away.
We
just acquiesce to ubiquitous surveillance, through which all kinds of
personal data gets snarfed up without our knowing much, if anything, about
it.

The bishops in charge of personal data acquisition in today's corporate
cathedrals are the Chief Marketing Officers (a title that hardly existed in
the pre-internet world) or their equivalents. They and their many agents
believe it is both possible and desirable to know everything about users
and customers, either by direct surveillance through browsers and apps or
indirectly through access providers and other third parties.

Thanks to growing Big Data budgets and appetites, and absent legal and
technical restraints, the market for personal data has become vast and
complex beyond any one party's full understanding. It even includes
real-time data, harvested from cookies and other tracking files, sold by
auction to help guide advertising messages directly toward crosshairs on
eyeballs and eardrums.

As if all this were not bad enough, everybody interacting with these
cathedrals online has the added burden of needing separate
passports—logins and passwords—to clear customs at every entrance.

In "Doing
for User Space What We Did for Kernel Space" (published in
LJ two
months ago),
I gave the examples of what a few startups are doing to give
us identity root. There are, and should be, many more working on the same
case. And soon. Because identity is our last
stand. Making it ours, finally
and absolutely, is the only way we secure our independence and liberty
online. It is the only way the world's economy becomes a true bazaar.

It's a handy thing that we can get together soon to talk about it and work
on code: next month, at the next Internet Identity
Workshop,
on October
25–27, 2016. I have co-hosted these with Phil Windley
and Kaliya Hamlin (aka
IdentityWoman)
since 2005. IIW, as
it is best known, is a three-day
unconference
held twice a year
at the Computer History Museum
in Silicon
Valley. It's cheap as conferences go. The charge just covers our expenses;
we don't make money off it. (In fact, if you can send sponsors our way,
that'll help too. Sponsors pay for the food, which is always good.)
Register
here.